1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Strange Window

Discussion in 'Virus & Other Malware Removal' started by Seiya, Nov 6, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Seiya

    Seiya Thread Starter

    Joined:
    Oct 9, 2005
    Messages:
    60
    When windows start.. a windows appear in cmd.exe and say this..

    C:\WINDOWS\msmsgrs.exe

    connected to lsd.netbrider.ca
    joined channel ###rebel###

    what is this?? Panda AV dont see this file

    Logfile of HijackThis v1.99.1
    Scan saved at 01:59:49 a.m., on 06/11/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
    C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\pavsrv50.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\system32\stisvc.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Archivos de programa\D-Tools\daemon.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\Archivos de programa\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\Upgrader.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\avciman.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe
    C:\Archivos de programa\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Intec Service Drivers] msmsgrs.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe
    O4 - HKLM\..\Run: [etbrun] c:\windows\system32\elitecxt32.exe
    O4 - HKLM\..\Run: [jqbqj] C:\WINDOWS\jqbqj.exe
    O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\RunServices: [Intec Service Drivers] msmsgrs.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Game Updater] msgame32.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Go!Zilla] "C:\Archivos de programa\Go!Zilla\gozilla.exe" /tray
    O4 - HKCU\..\Run: [Intec Service Drivers] msmsgrs.exe
    O4 - HKCU\..\Run: [AtiTrayTools] C:\Archivos de programa\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
    O4 - HKCU\..\RunServices: [Intec Service Drivers] msmsgrs.exe
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Archivos de programa\Go!Zilla\download-with-gozilla.html
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129547817640
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://200.72.68.149:18002/wg_webeye.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FDE3E579-7105-453E-8193-0C88E8CE82AE}: NameServer = 200.50.96.90
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\pavsrv50.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    · http://users.pandora.be/bluepatchy/miekiemoes/tools/LQfix.exe to download LQfix.exe and Save it to your desktop.
    · Doubleclick LQfix.exe and click install.
    · Leave the default settings. If you change them, the fix will fail.
    · Make sure 'Launch LQfix' is checked. After clicking finish in the install, the fix will start.
    · Follow the prompts on the screen.
    · Your system will reboot afterwards.
    · Please be patient after reboot, because there is a script running in the background.
    · When it is finished, come back here and post a new Hijack This log.

    Check your Ewido for updates and run it

    Boot and post a new log
     
  3. Seiya

    Seiya Thread Starter

    Joined:
    Oct 9, 2005
    Messages:
    60
    still is here.
    check this http://img148.imageshack.us/my.php?image=picture27st.png

    didnt work. heres HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 02:46:30 a.m., on 07/11/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
    C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\pavsrv50.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\system32\stisvc.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Archivos de programa\D-Tools\daemon.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
    C:\Archivos de programa\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe
    C:\Archivos de programa\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Intec Service Drivers] msmsgrs.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe
    O4 - HKLM\..\Run: [jqbqj] C:\WINDOWS\jqbqj.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\RunServices: [Intec Service Drivers] msmsgrs.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Game Updater] msgame32.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Go!Zilla] "C:\Archivos de programa\Go!Zilla\gozilla.exe" /tray
    O4 - HKCU\..\Run: [Intec Service Drivers] msmsgrs.exe
    O4 - HKCU\..\Run: [AtiTrayTools] C:\Archivos de programa\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
    O4 - HKCU\..\RunServices: [Intec Service Drivers] msmsgrs.exe
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Archivos de programa\Go!Zilla\download-with-gozilla.html
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129547817640
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://200.72.68.149:18002/wg_webeye.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FDE3E579-7105-453E-8193-0C88E8CE82AE}: NameServer = 200.50.96.90
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\pavsrv50.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    O4 - HKLM\..\Run: [Intec Service Drivers] msmsgrs.exe

    O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe

    O4 - HKLM\..\Run: [jqbqj] C:\WINDOWS\jqbqj.exe

    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

    O4 - HKLM\..\RunServices: [Intec Service Drivers] msmsgrs.exe

    O4 - HKLM\..\RunServices: [Microsoft Windows Game Updater] msgame32.exe

    O4 - HKCU\..\Run: [Intec Service Drivers] msmsgrs.exe

    O4 - HKCU\..\RunServices: [Intec Service Drivers] msmsgrs.exe

    DL http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\jqbqj.exe
    C:\WINDOWS\system32\msgame32.exe
    C:\WINDOWS\system32\msmsgrs.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    Now paste these folders in and make sure Deltree is checked before hitting the red x

    C:\Program Files\Media Gateway

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete
    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  5. Seiya

    Seiya Thread Starter

    Joined:
    Oct 9, 2005
    Messages:
    60
    in safe mode didnt found

    C:\WINDOWS\jqbqj.exe
    C:\WINDOWS\system32\msgame32.exe
    C:\WINDOWS\system32\msmsgrs.exe

    and when boot to finish the process.. say ERROR WHIT ati something like that but nothing serius.

    SOME LAST QUESTION, a AV and firewall free to download? Panda gives me some problems
    Logfile of HijackThis v1.99.1
    Scan saved at 07:33:45 a.m., on 07/11/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
    C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\pavsrv50.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\system32\stisvc.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Archivos de programa\D-Tools\daemon.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\Archivos de programa\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\avciman.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe
    C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\Upgrader.exe
    C:\Archivos de programa\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Go!Zilla] "C:\Archivos de programa\Go!Zilla\gozilla.exe" /tray
    O4 - HKCU\..\Run: [AtiTrayTools] C:\Archivos de programa\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Archivos de programa\Go!Zilla\download-with-gozilla.html
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129547817640
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://200.72.68.149:18002/wg_webeye.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FDE3E579-7105-453E-8193-0C88E8CE82AE}: NameServer = 200.50.96.90
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\pavsrv50.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Firewall - Zone Alarm

    http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=nav_za

    AV - AVG

    AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

    ===============

    Get all of these and/or verify you have the current versions

    SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
    SpyBot V1.4 http://www.majorgeeks.com/download2471.html
    AdAware SE 1.06 http://www.majorgeeks.com/download506.html
    MS AntiSpy - http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en (XP and W2K only)

    DL them (they are free), install them, check each for their
    definition updates
    and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything
    they say.

    In SpywareBlaster - Always enable all protection after updates
    In SpyBot - After an update run immunize
    ===========================

    de donde?

    Clean [​IMG] - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Strange Window
  1. eshepherd
    Replies:
    1
    Views:
    449
  2. GoldenSilence
    Replies:
    3
    Views:
    752
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/414327

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice